The 'rsyslog' daemon should not accept remote messages
unless the system acts as a log server.
If the system needs to act as a central log server, add the following lines to
'/etc/rsyslog.conf' to enable reception of messages over UDP:
$ModLoad imudp
$UDPServerRun 514
[enable_rsyslog_to_accept_messages/disable_accepting_message_via_udp]
Many devices, such as switches, routers, and other Unix-like systems, may only support
the traditional syslog transmission over UDP. If the system must act as a log server,
this enables it to receive their messages as well.
oval:org.secpod.oval:def:48864
oval:org.secpod.oval:def:48257
SCAP Repo OVAL Definition
2018-11-08